DETAILED ACTION

Claims 1-12, 14-15, and 17-21 have been examined. 

EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Michael Cesarano on 12/30/2005. 

The application has been amended as follows: 
IN THE CLAIMS:
Claim 1: 

A network address translating ("NAT") gateway for detecting datagrams having 
process-specific nontranslatable port addresses and passing said datagrams through 
the NAT gateway without translating their port addresses, said NAT gateway connecting 
a LAN to an external network, said LAN using local IP addresses said NAT gateway 
having a local IP address that can be referenced by devices on said LAN and having an 
external IP address that can be referenced by devices on said external network, said 
NAT gateway comprising: 

said NAT gateway having a plurality of internal tables associating combinations 
of local IP addresses of local devices on said LAN, external IP addresses of external 
devices on said external network, security parameter index ("SPI") - In values, SPI - Out 
values, source port addresses, destination port addresses, and process-specific port
addresses; 

said NAT gateway maintaining a list of selected process-specific nontranslatable 
port addresses to which datagrams can be passed without translating their port 
addresses; 

means for performing normal address translation upon datagrams passing from 
said LAN to said external network and datagrams passing from said external network to 
said LAN; 

means for delivering a datagram from a local device on said LAN to an external 
device on said external network by receiving a datagram from a local device on said 
LAN intended for delivery to an external device on said external network, and 
determining whether the destination port address for said datagram is included in said 
list of selected process-specific nontranslatable port addresses and, if said destination 
port address is not included in said list of selected process-specific nontranslatable port 
addresses, performing normal address translation upon said datagram and passing said 
datagram to said external network for routing and delivery to said external device; 

and if said destination port address is included in said list of selected process- 
specific nontranslatable port addresses, determining whether said destination port 
address is bound to a local IP address, and if said destination port address is bound to 
a local IP address, performing normal address translation upon said datagram and 
passing said datagram to said external network; 

and if said destination port address is not bound to a local IP address, passing
said datagram through said NAT gateway without translating said port addresses of said 
datagram, modifying said source IP address of said datagram to be said external IP 
address of said NAT gateway, binding said destination port address to the local IP 
address of said local device and creating an association between said destination port 
address and the external IP address of said external device, and passing said datagram 
to said external network for routing and delivery to said external device. 
Claim 2: 

The NAT gateway of claim 1, wherein the means for delivering a datagram from 
a local device on said LAN to an external device further comprises a means for 
determining whether said datagram is encrypted and, if said datagram is encrypted, 
determining whether the SPI of said datagram is recorded in the SPI - Out field in said 
internal table and, if said SPI is recorded in said SPI - Out field, modifying the source IP
address of said datagram to be said external IP address of said NAT gateway and 
passing said datagram to said external network for routing and delivery to said external 
device. 
Claim 3: 

The NAT gateway of claim 2, further comprising if said SPI is not recorded in said 
SPI - Out field of said internal table, means for setting the SPI - In field corresponding to 
the local IP address of said local device equal to zero and setting said SPI - Out field 
equal to said SPI, modifying said source IP address of said datagram to be said 
external IP address of said NAT gateway and passing said datagram to said external
network for routing and delivery to said external device. 
Claim 4: 

The NAT gateway of claim 1, wherein the NAT gateway further comprises means
for delivering a datagram from said external device to said local device by receiving a 
datagram from said external device on said external network intended for delivery to 
said local device on said LAN, means for determining whether said datagram is 
encrypted and, if said datagram is encrypted, determining whether the datagram's SPI 
is recorded in said SPI - In field of said internal table and, if said SPI is recorded in said 
SPI - In field, modifying the destination IP address of said datagram to be said local IP 
address of said local device and passing said datagram to said LAN for routing and 
delivery to said local device, 

and if said SPI is not recorded in said SPI - In field of said internal table, 
determining whether said SPI - In field corresponding to said IP address of said external 
device is equal to zero and, if said SPI - In field is not equal to zero, discarding said 
datagram, and if said SPI - In field is equal to zero, setting said SPI - In field equal to 
said SPI, modifying the destination IP address of said datagram to be said local IP 
address of said local device and passing said datagram to said LAN for delivery to said 
local device, 

and if said datagram is not encrypted, determining whether the destination port 
address for said datagram is included in said list of selected process-specific port 
nontranslatable addresses and, if said destination port address is not included in said 
list of selected process-specific nontranslatable port addresses, performing normal
address translation upon said datagram and passing said datagram to said LAN for 
delivery to said local device, 

and if said destination port address is included in said list of selected process- 
specific nontranslatable port addresses, determining whether said destination port 
address is bound to a local IP address, and if said destination port address is not bound 
to a local IP address, discarding said datagram, and if said destination port address is 
bound to a local IP address, determining whether said destination port address is 
associated with the external IP address of said external device, and if said destination 
port address is associated with the external IP address of said external device, 
modifying said destination IP address of said datagram to be the bound local IP address 
of said local device, unbinding said destination port address from said local IP address, 
and passing said datagram through to said LAN for delivery to said local device. 
Claim 5: 

The NAT gateway of claim 1, further comprising a timer, wherein, upon receiving 
a signal that a selected process-specific nontranslatable port address has become 
bound to an IP address, said timer will commence timing for a predetermined length of 
time and, upon the expiration of said predetermined length of time, will send a signal 
causing said selected process-specific nontranslatable port address to become 
unbound from said IP address, and, upon receiving a signal indicating that said selected 
process-specific nontranslatable port address has become unbound from said IP 
address prior to the expiration of said predetermined length of time, said timer will stop
timing and will reset. 
Claim 6: 

The NAT gateway of claim 1 in which said external network is the internet. 
Claim 7: 

The NAT gateway of claim 6 in which said LAN is a virtual private network. 
Claim 8: 

A method of processing IP datagrams from a local device on a LAN using local 
IP addresses through a network address translating ("NAT") gateway to an external 
device on an external network by passing datagrams having process-specific port 
addresses through said NAT gateway without translating said port addresses, 
comprising the steps of: 

maintaining a plurality of tables associating local IP addresses of local devices on 
said LAN, external IP addresses of external devices on said external network, port 
addresses of said local devices, port addresses of said external devices, security 
parameter index ("SPI") - In values, SPI - Out values, and process-specific port 
addresses, and a list of selected process-specific port addresses to which datagrams 
can be passed without translating their port addresses; 

receiving a datagram from said LAN; 

determining whether the destination port address for said datagram is included in 
said list of selected process-specific port addresses and, if said destination port address 
is not included in said list of selected process-specific port addresses, performing 
normal address translation upon said datagram and passing said datagram to said
external network for routing and delivery to said external device; 

and if said destination port address is included in said list of selected process- 
specific port addresses, determining whether said destination port address is bound to 
an IP address, and if said destination port is bound to an IP address, performing normal 
address translation upon said datagram and passing said datagram to said external 
network; 

and if said destination port address is not bound to an IP address, passing said 
datagram through said NAT gateway without translating the port addresses in said 
datagram, modifying said source IP address to be said external IP address for said NAT 
gateway, binding said destination port address to the local IP address of said local 
device and creating an association between said destination port address and said 
external IP address of said external device, and passing said datagram to said external 
network for routing and delivery to said external device. 
Claim 9: 

The method of claim 8, further comprising the steps of: 
determining whether said datagram is encrypted and, if said datagram is 
encrypted, determining whether the SPI in said datagram is recorded in the SPI - Out 
field of one of said plurality of internal tables and, if said SPI is recorded in said SPI - 
Out field of said internal table, modifying the source IP address to be the external IP 
address of said NAT gateway and passing said datagram to said external network for 
routing and delivery to said external device, and if said SPI is not recorded in said SPI - 
Out field of said internal table, setting said SPI - Out field corresponding to the IP
address of said external device equal to said SPI and setting the SPI - In field of said 
internal table to zero, modifying said source IP address to be said external IP address of 
said NAT gateway, and passing said datagram to said external network for routing and 
delivery to said external device. 
Claim 10: 

A method of processing IP datagrams from an external device on an external 
network through a network address translating ("NAT") gateway to a local device on a 
LAN using local IP addresses, comprising the steps of 

maintaining a plurality of tables associating local IP addresses of local devices on 
said LAN, external IP addresses of external devices on said external network, port 
addresses of said local devices, port addresses of said external devices, security 
parameter index ("SPI") - In values, SPI - Out values, and process-specific port 
addresses, and a list of selected process-specific port addresses; 

receiving a datagram from said external network; 

determining whether said datagram is encrypted and if said datagram is not 
encrypted, determining whether the destination port address for said datagram is 
included in said list of selected process-specific port addresses, and if said destination 
port address is not included in said list of selected process-specific port addresses, 
performing normal address translation and passing said datagram to said LAN for 
routing and delivery to said local device, 

and if said destination port address is included in said list of selected process-
specific port addresses, determining whether said destination port address is bound to a 
local IP address, and if said destination port is not bound to a local IP address, 
discarding said datagram, 

and if said destination port address is bound to a local IP address, determining 
whether said destination port address is associated with the external IP address of said 
external device, and if said destination port address is associated with said external IP 
address of said external device, modifying said destination IP address to be the bound 
local IP address of said local device, unbinding said destination port address from said 
local IP address, and passing said datagram through said NAT gateway to said LAN for 
routing and delivery to said local device. 
Claim 12: 

The method of processing IP datagrams as claimed in claim 8, further comprising 
the steps of starting a timer whenever a selected process-specific port address 
becomes bound to said local IP address of said local device, 

resetting said timer whenever said destination port address has become 
released, 

and sending a signal whenever said timer is active and a predetermined length of 
time has expired from the time said timer was started. 
Claim 18: 

A machine readable storage, having stored thereon a computer program 
comprising a plurality of code sections executable by a machine for connecting a LAN to 
an external network via a network address translating ("NAT") gateway, said NAT
gateway having a local IP address that can be referenced by devices on said LAN and 
having an external IP address that can be referenced by devices on said external 
network, and further comprising a plurality of internal tables associating combinations of 
local IP addresses of local devices on said LAN, external IP addresses of external 
devices on said external network, source port addresses, destination port addresses, 
process-specific port addresses, and a list of selected process-specific port addresses 
including at least port 500, for causing the machine to pass datagrams through without 
translating port addresses where the port addresses in such datagrams are 
nontranslatable, said machine performing the steps of: 

processing a datagram from a local device on said LAN by receiving a datagram 
from a local device on said LAN intended for delivery to an external device on said 
external network; 

determining whether the destination port address for said datagram is included in 
said list of selected process-specific port addresses and determining whether said 
destination port address is bound to a local IP address on said LAN; 

and if said destination port address is not included in said list of selected 
process-specific port addresses, performing normal address translation upon said 
datagram and passing said datagram to said external network for routing and delivery to 
said external device; 

and if said destination port address is included in said list of selected process- 
specific port addresses, and said destination port address is bound to a local IP 
address, performing normal address translation upon said datagram and passing said
datagram to said external network; 

and if said destination port address is not bound to a local IP address on said 
LAN, modifying said source IP address of said datagram to be said external IP address 
of said NAT gateway, binding said destination port address to the local IP address of 
said local device and creating an association between said destination port address and 
the external IP address of said external device, and passing said datagram to said 
external network for routing and delivery to said external device without translating said 
port addresses of said datagram. 
Claim 19: 

The NAT gateway of claim 1 wherein said list of selected process-specific 
nontranslatable port addresses to which datagrams can be passed without translating 
their port addresses comprises port 500. 
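
The port-binding path recited in claims 1, 4, 5 and 19, sketched as an added example (not code from the application or the examiner). It covers only unencrypted datagrams and omits the SPI tables of claims 2-4; the class and field names, the timeout value, the NAT port pool and the handling of cases the claims leave open are assumptions marked in the comments.

```python
import itertools
import time

NONTRANSLATABLE_PORTS = {500}   # claim 19: the list comprises port 500
BIND_TIMEOUT = 5.0              # assumed; claim 5 says only "predetermined"

class Gateway:
    def __init__(self, external_ip, clock=time.monotonic):
        self.external_ip, self.clock = external_ip, clock
        self.bindings = {}      # port -> (local_ip, external_peer_ip, bound_at)
        self.nat = {}           # allocated external port -> (local_ip, local_port)
        self._ports = itertools.count(40000)  # assumed NAT port pool

    def _expire(self):
        # Claim 5: a binding is released once the predetermined time has elapsed.
        now = self.clock()
        for port, (_, _, t0) in list(self.bindings.items()):
            if now - t0 >= BIND_TIMEOUT:
                del self.bindings[port]

    def outbound(self, d):
        self._expire()
        port = d["dst_port"]
        if port not in NONTRANSLATABLE_PORTS or port in self.bindings:
            # Not listed, or listed but already bound: normal translation.
            ext_port = next(self._ports)
            self.nat[ext_port] = (d["src_ip"], d["src_port"])
            return "translate", {**d, "src_ip": self.external_ip, "src_port": ext_port}
        # Listed and unbound: bind the port to this host, associate it with the
        # peer, rewrite only the source IP and leave both ports untouched.
        self.bindings[port] = (d["src_ip"], d["dst_ip"], self.clock())
        return "passthrough", {**d, "src_ip": self.external_ip}

    def inbound(self, d):
        self._expire()
        port = d["dst_port"]
        if port not in NONTRANSLATABLE_PORTS:
            local = self.nat.get(port)
            if local is None:
                return "drop", None      # assumed behaviour for unmapped ports
            return "translate", {**d, "dst_ip": local[0], "dst_port": local[1]}
        bound = self.bindings.get(port)
        if bound is None:
            return "drop", None          # claim 4: unbound listed port is discarded
        local_ip, peer_ip, _ = bound
        if d["src_ip"] != peer_ip:
            return "drop", None          # assumed: claim 4 is silent on this case
        del self.bindings[port]          # claim 4: unbind on delivery
        return "passthrough", {**d, "dst_ip": local_ip}
```

Because a listed port is bound to one local host at a time, a second host sending to port 500 while the binding is held falls back to normal translation, and an inbound port-500 datagram is delivered only while a binding exists.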



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Ponnoreay Pich 
Examiner 
Art Unit 2135